Hi Peter, although the FreeRADIUS server computes the MSK value in the MSCHAPv2 case, the MSK is discarded and not included it in the EAP response. Therefore FreeRADIUS cannot be used with IKEv2 EAP_MSCHAPv2. During LinuxTag 2009 we talked with a FreeRADIUS developer and he told us that the MSK could be easily included the EAP response (but someone would have to do that hack).
Martin has successfully tested IKEv2 EAP MSCHAPv2 with a Microsoft RADIUS server, though, which in turn accesses the Windows Active Directory for the user credentials. Best regards Andreas The Peter Winterer wrote: > Hello all, > > Currently on the strongswan wiki there is an example configuration for: > EAP_MSCHAPv2 authentication with EAP identity (username and password in > ipsec.secrets). > > My question is, can EAP_MSCHAPv2 authentication with EAP work in > conjunction with a radius server (username and password is taken from > the radius server)? > > Thanks, > Peter ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
